Gitrob is a command line tool which can help organizations and security professionals find sensitive information lingering in publicly available files on GitHub. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information.
Looking for sensitive information in GitHub repositories is not new; it has been known for a while that private keys and credentials can be found with GitHub's search functionality. Gitrob makes it easier to focus that effort on a specific organization.
Gitrob alternatives and similar gems
Based on the "Security" category.
Project (popularity, activity, code quality rank where available): description

Metasploit (10.0, 10.0, L1): Metasploit Framework
BeEF (9.7, 8.1): The Browser Exploitation Framework Project
Brakeman (9.5, 6.7, L3): A static analysis security vulnerability scanner for Ruby on Rails applications
Rack::Attack (9.1, 2.5, L5): Rack middleware for blocking & throttling
SecureHeaders (8.6, 6.9): Manages application of security headers with many safe defaults
bundler-audit (8.0, 6.9, L5): Patch-level verification for Bundler
RbNaCl (5.9, 2.8, L5): Ruby FFI binding to the Networking and Cryptography (NaCl) library (a.k.a. libsodium)
Hashids (5.7, 0.0, L5): A small Ruby gem to generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.
Rack::Protection (5.5, 0.0): NOTE: This project has been merged upstream to sinatra/sinatra
Ronin (4.7, 10.0): Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc. via 3rd party git repositories.
Rack::UTF8Sanitizer (3.7, 0.0): Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF-8 characters in request URI and headers.
Clamby (2.3, 0.0): ClamAV interface to your Ruby on Rails project.
ronin-exploits (1.9, 10.0): A Ruby micro-framework for writing and running exploits
SiRP (1.4, 0.0, L5): Secure (interoperable) Remote Password Auth (SRP-6a)
ronin-vulns (1.3, 10.0): Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
TSS - Threshold Secret Sharing (1.1, 0.0, L5): A Ruby implementation of Threshold Secret Sharing (Shamir) as defined in IETF Internet-Draft draft-mcgrew-tss-03.txt
Active Entry (0.7, 0.0): A flexible access control system for your Rails app
Rack::JsonWebTokenAuth (0.5, 0.0, L5): Rack middleware for authentication using JSON Web Tokens (JWT)
sessionKeys (0.3, 0.0, L5): A tool for the deterministic generation of unique user IDs and NaCl cryptographic keys from a single username and high-entropy passphrase.
Rack::ContentSecurityPolicy (0.3, 0.0, L5): Rack middleware for declaratively setting the HTTP Content-Security-Policy (W3C CSP Level 2/3) security header to help prevent XSS and other browser-based attacks.
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Gitrob: Putting the Open Source in OSINT
Gitrob is a tool to help find potentially sensitive files pushed to public repositories on GitHub. Gitrob will clone repositories belonging to a user or organization down to a configurable depth, iterate through the commit history, and flag files that match signatures for potentially sensitive files. The findings are presented through a web interface for easy browsing and analysis.
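As an added illustration of the history-walk-and-match idea described above (and in the older description at the top of the page), here is a small Go program that is not part of Gitrob. It applies a constructed set of file-name signatures to a constructed list of commits and emits the hits as JSON, the kind of document a custom integration could consume. The Part/MatchType/Pattern layout of a signature, the sample commit SHAs and the sample paths are all assumptions made for this example, not Gitrob's own signature format or data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Signature is one file-name rule. This Part/MatchType/Pattern layout is an
// assumption for the example, not Gitrob's own signature format.
type Signature struct {
	Part        string // "filename", "extension" or "path"
	MatchType   string // "exact" or "regex"
	Pattern     string
	Description string
}

// Commit is the file list observed at one point in the history walk.
type Commit struct {
	SHA   string
	Files []string
}

// Finding is one flagged file and the commit it was seen in.
type Finding struct {
	Commit      string `json:"commit"`
	Path        string `json:"path"`
	Description string `json:"description"`
}

// signatures is a small constructed rule set for the example.
var signatures = []Signature{
	{"filename", "exact", "id_rsa", "Private SSH key"},
	{"extension", "exact", "pem", "Potential cryptographic private key"},
	{"filename", "regex", `^\.?(bash|zsh)_history$`, "Shell command history file"},
	{"path", "regex", `(^|/)\.aws/credentials$`, "AWS CLI credentials file"},
	{"filename", "regex", `^\.env(\..+)?$`, "Environment file, often holds secrets"},
}

// matches reports whether repository path p satisfies signature s.
func (s Signature) matches(p string) (bool, error) {
	base := path.Base(p)
	var subject string
	switch s.Part {
	case "filename":
		subject = base
	case "extension":
		subject = strings.TrimPrefix(path.Ext(base), ".")
	case "path":
		subject = p
	default:
		return false, fmt.Errorf("unknown part %q", s.Part)
	}
	switch s.MatchType {
	case "exact":
		return subject == s.Pattern, nil
	case "regex":
		return regexp.MatchString(s.Pattern, subject)
	default:
		return false, fmt.Errorf("unknown match type %q", s.MatchType)
	}
}

// Scan applies every signature to every file of every commit and returns the
// hits in history order; a file matching several rules is reported once per rule.
func Scan(history []Commit, sigs []Signature) ([]Finding, error) {
	var out []Finding
	for _, c := range history {
		for _, f := range c.Files {
			for _, s := range sigs {
				ok, err := s.matches(f)
				if err != nil {
					return nil, err
				}
				if ok {
					out = append(out, Finding{Commit: c.SHA, Path: f, Description: s.Description})
				}
			}
		}
	}
	return out, nil
}

// ToJSON renders findings as an indented JSON document for downstream tooling.
func ToJSON(findings []Finding) (string, error) {
	b, err := json.MarshalIndent(findings, "", "  ")
	return string(b), err
}

// sampleHistory is a constructed history; the SHAs and paths are made up.
func sampleHistory() []Commit {
	return []Commit{
		{"a1b2c3", []string{"README.md", "config/.env", "src/main.go"}},
		{"d4e5f6", []string{"deploy/id_rsa", "certs/server.pem", "notes/.bash_history"}},
		{"0a1b2c", []string{".aws/credentials", "docs/env.md"}},
	}
}

func main() {
	findings, err := Scan(sampleHistory(), signatures)
	if err != nil {
		panic(err)
	}
	out, _ := ToJSON(findings)
	fmt.Println(out)
}
```

Running it prints five findings: the .env file in the first commit, the SSH key, PEM file and shell history in the second, and the AWS credentials file in the third; README.md, src/main.go and docs/env.md match nothing. A real scanner would feed the file list of each commit from the cloned repository into Scan in place of sampleHistory.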
gitrob [options] target [target2] ... [targetN]
  -bind-address string         Address to bind web server to (default "127.0.0.1")
  -commit-depth int            Number of repository commits to process (default 500)
  -debug                       Print debugging information
  -github-access-token string  GitHub access token to use for API requests
  -load string                 Load session file
  -no-expand-orgs              Don't add members to targets when processing organizations
  -port int                    Port to run web server on (default 9393)
  -save string                 Save session to file
  -silent                      Suppress all output except for errors
  -threads int                 Number of concurrent threads (default number of logical CPUs)
Saving session to a file
By default, Gitrob stores the state of an assessment in memory, so the results are lost when Gitrob is closed. You can save the session to a file with the -save option:
gitrob -save ~/gitrob-session.json acmecorp
Gitrob will save all the gathered information to the specified file path as a special JSON document. The file can be loaded again for browsing at another point in time, shared with other analysts or parsed for custom integrations with other tools and systems.
Loading session from a file
A session stored in a file can be loaded with the -load option:
gitrob -load ~/gitrob-session.json
Gitrob will start its web interface and serve the results for analysis.
A precompiled version is available for each release, alternatively you can use the latest version of the source code from this repository in order to build your own binary.
Make sure you have a correctly configured Go >= 1.8 environment and that $GOPATH/bin is in your $PATH, then run:
$ go get github.com/michenriksen/gitrob
This command will download Gitrob, install its dependencies, compile it and move the gitrob executable to $GOPATH/bin.
GitHub access token
Gitrob needs a GitHub access token in order to interact with the GitHub API. Create a personal access token and save it in an environment variable in your .bashrc or similar shell configuration file:

Alternatively, you can specify the access token with the -github-access-token option, but watch out for your command history!